ansible-vault
feat(seal): add support for ocikms
This pull request adds support for the Oracle Cloud KMS auto-unseal feature. It has been successfully tested on the OCI platform.
The minimum variables needed to configure for testing are:
- vault_ocikms: true
- vault_ocikms_key_id: 'key_id'
- vault_ocikms_crypto_endpoint: 'crypto_endpoint'
- vault_ocikms_management_endpoint: 'management_endpoint'
The official docs have additional instructions: https://www.vaultproject.io/docs/configuration/seal/ocikms
Config example:
```yaml
vault_ocikms: true
vault_ocikms_auth_type_api_key: false
vault_ocikms_key_id: ocid1.key.oc1.sa-saopaulo-1.example
vault_ocikms_crypto_endpoint: https://example-crypto.kms.sa-saopaulo-1.oraclecloud.com
vault_ocikms_management_endpoint: https://example-management.kms.sa-saopaulo-1.oraclecloud.com
```
The dedicated config template step has been replaced by the include block because, by default, only the main configuration file (vault_main.hcl) is used; otherwise it would be necessary to set the vault_use_config_path variable to load this seal config.
Further details were also added to README.md.
Regards,
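A pre-flight check for the variables listed in the description, added here as an example and not part of the pull request or the role. The function name `check_ocikms_vars` and the endpoint host shape it expects are assumptions, and the sample input is constructed from the config example above.

```python
import re
from urllib.parse import urlparse

# Minimum variables named in the pull request description.
REQUIRED = ("vault_ocikms_key_id", "vault_ocikms_crypto_endpoint",
            "vault_ocikms_management_endpoint")
# Assumed OCI KMS host shape: <vault-prefix>-<role>.kms.<region>.oraclecloud.com
HOST_RE = re.compile(
    r"^(?P<prefix>[a-z0-9]+)-(?P<role>crypto|management)"
    r"\.kms\.(?P<region>[a-z0-9-]+)\.oraclecloud\.com$"
)


def check_ocikms_vars(role_vars):
    """Return a list of problems found in the ocikms role variables."""
    if not role_vars.get("vault_ocikms"):
        return ["vault_ocikms is not true: the ocikms seal is disabled"]
    problems = [f"{name} is not set" for name in REQUIRED if not role_vars.get(name)]
    if problems:
        return problems
    if not role_vars["vault_ocikms_key_id"].startswith("ocid1.key."):
        problems.append("vault_ocikms_key_id is not a key OCID")
    parsed = {}
    for role in ("crypto", "management"):
        name = f"vault_ocikms_{role}_endpoint"
        url = urlparse(role_vars[name])
        match = HOST_RE.match(url.hostname or "")
        if url.scheme != "https":
            problems.append(f"{name} must use https")
        if match is None or match["role"] != role:
            # Catches swapped crypto/management values as well as typos.
            problems.append(f"{name} is not a {role} endpoint host")
        else:
            parsed[role] = (match["prefix"], match["region"])
    if len(parsed) == 2 and parsed["crypto"] != parsed["management"]:
        problems.append("endpoints point at different vaults or regions")
    return problems


# Constructed sample input, taken from the config example above.
SAMPLE = {
    "vault_ocikms": True,
    "vault_ocikms_auth_type_api_key": False,
    "vault_ocikms_key_id": "ocid1.key.oc1.sa-saopaulo-1.example",
    "vault_ocikms_crypto_endpoint": "https://example-crypto.kms.sa-saopaulo-1.oraclecloud.com",
    "vault_ocikms_management_endpoint": "https://example-management.kms.sa-saopaulo-1.oraclecloud.com",
}

if __name__ == "__main__":
    print(check_ocikms_vars(SAMPLE) or "ocikms variables look consistent")
```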
Could you give this a review @bbaassssiiee? Thank you
Conflicts resolved
@bbaassssiiee Anything else I can do to get this merged?